API Performance Analysis

Here at APImetrics, we’ve been at the cutting edge of API performance analysis for over four years now. So we tend to forget how far things have come in just a short period of time. This was brought home to me just today by a thought piece in Forbes on the API economy.

This point in particular leapt straight off the screen at me:

APIs have become so essential to businesses that 85% consider web APIs and API-based integration fundamental to their business strategy and continued success.

Five years ago, we were still having conversations with our clients about why APIs even mattered. Now we’re seeing entire industries and regulatory frameworks growing up around both APIs and the services they deliver.

Consider Open Banking APIs

Until recently, you’d sign into your bank using a proprietary interface that would communicate over propriety standards to the bank’s own back end. Systems that allowed users to access their financial data for other applications, like Mint, used insecure screen scraping technologies. Payment services were the preserve of a few expensive providers.

This week, we will be attending the Open Banking World Congress in London. Hundreds of representatives of banks and newer, challenger banks will be exploring the latest trends in financial services and open banking API roll-outs. The UK regulator OBIE will be there as well as representatives of banking regulators from Europe, Japan, Africa and more.

We’ll all be taking about how to monitor and regulate an industry that didn’t exist just a few years ago. And yet, the problems we set out to solve four years ago are even more critical today.

API performance, quality and operational issues

API performance, quality and operational issues aren’t just a DevOps technical domain. They’re a business domain. It’s not enough to be able to defend internally that your systems are working. You have to be able to generate BI and MI for (in the case of Europe and PSD2) potentially dozens of regional regulators. All with very different visions on what that information ought to be, and you have to be able to defend the quality of the data adequately from external complaints by third parties.

The Forbes article notes that you should track uptime and errors. But that’s inadequate for the real-world uses that the regulators of Open Banking in the UK, Europe, Australia and New Zealand are looking for, which include:

  • Error rates
  • Uptime and availability – not necessarily the same as errors
  • Latency – the times taken for transactions
  • Outliers – measured differently by different regulating bodies

Even for something as simple as a pass/fail error rate, there are multiple potential failure modes that could look like a service is working perfectly – but actually not working at all. This is a situation we saw with a UK CMA9 bank in 2018.

Tracking these numbers and being able to prove that your APIs are of acceptable quality is a business overhead that can be overwhelming. And it’s one that we at APImetrics are solving with a single solution. But as a business risk, given the stakes involved in the future of business and banking, API performance and operational quality are not things you can afford to ignore.

“smartphone” by Witches Falls Cotages is licensed under CC BY 2.0